The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
Dnsmasq is designed to act as a DNS forwarder, DHCP server, and
TFTP server for small networks. You can use dnsmasq as an
alternative to configuring separate DHCP and TFTP services. For
more information about dnsmasq, see the
dnsmasq(8) manual page,
/usr/share/doc/dnsmasq-,
and
http://www.thekelleys.org.uk/dnsmasq/doc.html.
version
To configure dnsmasq for PXE client installation requests:
Install the
dnsmasqpackage.#
yum install dnsmasqEdit
/etc/dnsmasq.confand configure entries for PXE clients and other systems on the network, for example:interface=eth1 dhcp-range=10.0.0.101,10.0.0.200,6h dhcp-host=80:00:27:c6:a1:16,10.0.0.253,svr1,infinite dhcp-boot=pxelinux/pxelinux.0 enable-tftp tftp-root=/var/lib/tftpboot
The lines in the sample configuration file do the following:
-
interface=eth1 Listen for incoming client requests on interface
eth1only.-
dhcp-range=10.0.0.101,10.0.0.200,6h Reserve a pool of generally available IP addresses in the range 10.0.0.101 through 10.0.0.200 on the 10.0.0/24 subnet with a six-hour lease.
NoteA
dhcp-rangesetting is required to enable the DHCP service provided by dnsmasq. If you want to configure static addresses but not an address pool, specify a static network address and the keywordsstaticandinfinite, for example:dhcp-range=10.0.0.253,static,infinite
-
dhcp-host=80:00:27:c6:a1:16,10.0.0.253,svr1,infinite Reserve the IP address 10.0.0.253 with infinite lease time for
svr1, which is identified by the MAC address 08:00:27:c6:a1:16.-
dhcp-boot=pxelinux/pxelinux.0 Specify the location of the boot-loader file required by PXE clients. This example supports BIOS-based PXE clients. An entry that supports UEFI-based clients might take the following form:
dhcp-boot=efi/BOOTX64.efi
If you want to use a separate TFTP server instead of dnsmasq, specify its IP address after the boot-loader path, for example:
dhcp-boot=pxelinux/pxelinux.0,10.0.0.11
-
enable-tftp Enable the TFTP service provided by dnsmasq.
-
tftp-root=/var/lib/tftpboot Specify the root directory for files served by TFTP. To prevent clients from accessing any file on the host, dnsmasq rejects requests that specify
..as a path element.
-
If you configure dnsmasq to provide the TFTP service:
Create the TFTP server directories, for example:
#
mkdir -p /var/lib/tftpboot/pxelinux/pxelinux.cfgCopy the installation kernel and ram-disk image files to the TFTP server directory hierarchy, for example:
#
wget http://10.0.0.11/OSimage/OL6.6/isolinux/vmlinuz\-O /var/lib/tftpboot/pxelinux/vmlinuz#wget http://10.0.0.11/OSimage/OL6.6/isolinux/initrd.img\-O /var/lib/tftpboot/pxelinux/initrd.imgThis example uses HTTP to obtain the files from an installation server.
If you want to support BIOS-based PXE clients, install the
syslinuxpackage and copy thepxelinux.0boot loader to the TFTP server directory hierarchy.#
yum install syslinux#cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/pxelinux/pxelinux.0If you want to support UEFI-based PXE clients, copy the
BOOTX64.efiboot loader and splash image files to the TFTP server directory hierarchy, for example:#
wget http://10.0.0.11/OSimage/OL6.6/EFI/BOOT/BOOTX64.efi\-O /var/lib/tftpboot/efi/BOOTX64.efi#wget http://10.0.0.11/OSimage/OL6.6/EFI/BOOT/splash.xpm.gz\-O /var/lib/tftpboot/efi/splash.xpm.gzCreate the default boot loader configuration file, for example
efi/efidefaultorpxelinux/pxelinux.cfg/default.For more information, see Section 1.4.9, “About Boot-Loader Configuration Files”.
If SELinux is enabled in enforcing mode on your system, use the semanage command to define the default file type of the TFTP server directory hierarchy as
tftpdir_tand then use the restorecon command to apply the file type to the entire directory hierarchy, for example:#
/usr/sbin/semanage fcontext -a -t tftpdir_t "/var/lib/tftpboot(/.*)?"#/sbin/restorecon -R -v /var/lib/tftpbootNoteThe semanage and restorecon commands are provided by the
policycoreutils-pythonandpolicycoreutilspackages.
If you want dnsmasq to act as a caching-only name server, configure a name server entry for 127.0.0.1 that precedes other name server entries.
Dnsmasq ignores the 127.0.0.1 entry and forwards DNS queries to the other listed name servers. If the
NetworkManagerservice is enabled, you can configure name service entries by using the graphical applet, the nm-connection-editor utility, or the system-config-network utility. Otherwise, you can configure name server entries directly in/etc/resolv.conf, for example:nameserver 127.0.0.1 nameserver 10.0.0.8 nameserver 10.0.0.4
Start the
dnsmasqservice, and configure it to start after a reboot.#
service dnsmasq start#chkconfig dnsmasq onIf you make any changes to
/etc/dnsmasq.conf, restart thednsmasqservice. You do not need to restart the service if you change the content of boot loader configuration files.Configure the firewall:
Allow access by DHCP requests, for example:
#
iptables -I INPUT -i eth1 -p udp --dport 67:68 --sport 67:68 -j ACCEPTIn this example, the server expects to receive requests on interface
eth1.If you enable the TFTP service in dnsmasq, allow access by TFTP requests:
#
iptables -I INPUT -i eth1 -p udp --dport 69 -j ACCEPTIf you want dnsmasq to act as a caching-only name server, allow access by DNS requests:
#
iptables -I INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT#iptables -I INPUT -i eth1 -p udp -m udp --dport 53 -j ACCEPTSave the configuration:
#
service iptables save
For information about configuring and using kickstart to perform automated installation, see Chapter 3, Installing Oracle Linux by Using Kickstart.